AWS Certified Database – Specialty — Question 354
An ecommerce company uses a backend application that stores data in an Amazon DynamoDB table. The backend application runs in a private subnet in a VPC and must connect to this table.
The company must minimize any network latency that results from network connectivity issues, even during periods of heavy application usage. A database administrator also needs the ability to use a private connection to connect to the DynamoDB table from the application.
Which solution will meet these requirements?
Answer options
- A. Use network ACLs to ensure that any outgoing or incoming connections to any port except DynamoDB are deactivated. Encrypt API calls by using TLS.
- B. Create a VPC endpoint for DynamoDB in the application's VPC. Use the VPC endpoint to access the table.
- C. Create an AWS Lambda function that has access to DynamoDB. Restrict outgoing access only to this Lambda function from the application.
- D. Use a VPN to route all communication to DynamoDB through the company's own corporate network infrastructure.
Correct answer: B
Explanation
A VPC endpoint for Amazon DynamoDB (a gateway endpoint) adds a route for the DynamoDB prefix list to the private subnet's route table, so API calls from the application reach the service over the AWS network without passing through an internet gateway, NAT gateway, or any public path. Removing those hops both shortens the network path and removes the component (typically a NAT gateway) most likely to become a bottleneck or fail under heavy load, which is what the question means by minimizing latency caused by connectivity issues. The endpoint is also the private connection the database administrator asked for. Calls to DynamoDB are still made over TLS, and the endpoint can carry an endpoint policy that limits which tables and actions may be reached through it; on the identity side, the application's IAM policy can use the aws:SourceVpce condition key so the table is reachable only through that endpoint.
Option A does not create a private path: network ACLs filter by IP address and port, they cannot single out "DynamoDB", and the traffic would still have to leave the VPC through a NAT or internet gateway. Option C inserts an extra invocation and an extra network hop in front of every request, adding latency and complexity without changing how the VPC reaches DynamoDB. Option D hairpins traffic through the corporate network and back to AWS over a VPN, which is the opposite of a short, private path; note also that a gateway endpoint is reachable only from inside its VPC, not from on-premises over VPN or Direct Connect, which is why the requirement is phrased as connecting from the application.
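The following Terraform configuration is an added example, not part of the exam page, showing the solution in option B as a practitioner would deploy it: a gateway endpoint for DynamoDB attached to the private route tables, an endpoint policy scoped to one table, and an IAM policy on the application role that denies DynamoDB calls arriving from anywhere other than that endpoint. The region, VPC ID, route table ID, table ARN and role name are placeholders (assumptions), and the table name "Orders" is invented for illustration.

```hcl
# Added example (not from the exam page). All IDs and names below are assumptions.
variable "region"                  { default = "us-east-1" }
variable "vpc_id"                  { default = "vpc-0123456789abcdef0" }   # assumed
variable "private_route_table_ids" { default = ["rtb-0123456789abcdef0"] } # assumed
variable "table_arn"               { default = "arn:aws:dynamodb:us-east-1:111122223333:table/Orders" } # assumed
variable "app_role_name"           { default = "ecommerce-backend-role" }  # assumed

locals {
  # Least-privilege action set for the backend; adjust to what the app really calls.
  table_actions = [
    "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem",
    "dynamodb:Query", "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:DescribeTable",
  ]
  table_resources = [var.table_arn, "${var.table_arn}/index/*"]
}

# Gateway endpoint: installs a route for the DynamoDB prefix list into each private
# route table, so requests never need an internet gateway or NAT gateway.
resource "aws_vpc_endpoint" "dynamodb" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.dynamodb"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = var.private_route_table_ids

  # Endpoint policy: the endpoint forwards calls only for this one table.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "OnlyTheOrdersTable"
      Effect    = "Allow"
      Principal = "*"
      Action    = local.table_actions
      Resource  = local.table_resources
    }]
  })

  tags = { Name = "dynamodb-gateway-endpoint" }
}

# Identity-side control: the application role may use DynamoDB only when the
# request arrives through this endpoint. A credential stolen from the instance
# and replayed from the internet is denied even though the Allow still exists.
resource "aws_iam_role_policy" "app_dynamodb_via_endpoint" {
  name = "dynamodb-only-via-vpce"
  role = var.app_role_name

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid      = "AllowOrdersTable"
        Effect   = "Allow"
        Action   = local.table_actions
        Resource = local.table_resources
      },
      {
        Sid      = "DenyDynamoDBOutsideEndpoint"
        Effect   = "Deny"
        Action   = "dynamodb:*"
        Resource = "*"
        Condition = {
          StringNotEquals = { "aws:SourceVpce" = aws_vpc_endpoint.dynamodb.id }
        }
      }
    ]
  })
}

output "endpoint_id"    { value = aws_vpc_endpoint.dynamodb.id }
output "prefix_list_id" { value = aws_vpc_endpoint.dynamodb.prefix_list_id }
```

After `terraform apply`, confirm each private route table has a route whose destination is the emitted prefix list ID and whose target is the endpoint ID. Do not be surprised that `dynamodb.<region>.amazonaws.com` still resolves to public IP addresses from inside the VPC: a gateway endpoint works by routing that prefix list to the endpoint, not by changing DNS, so the public-looking addresses are still reached privately. The Deny statement applies only to the application role; if the same table must be closed to every principal that is not behind the endpoint, the condition belongs in a resource-based policy on the table as well.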